It's safe to say that there's one thing that you don't mess around with, and that's performance. Enthusiasts don't spend hundreds of dollars on a processor to watch it underperform. Given the complicated nature of the Meltdown and Spectre vulnerabilities, Microsoft's so-called mitigations were bound to have an impact on processor performance. The million dollar question was: Just how much? The initial estimate was somewhere around 30%, but Intel, being optimistic as usual, expected the performance impact to be insignificant for the average user. They recently provided some preliminary benchmark results that looked quite convincing too. Well, let's take a look at their findings, shall we?

Intel measured the mitgations' impact on CPU performance using their 6th, 7th, and 8th Generation Intel Core processors but, more specifically, the i7-6700K, i7-7920HQ, i7-8650U, and i7-8700K. The preferred operating system used in the majority of the benchmarks was Windows 10, however, Windows 7 also made a brief appearance. Intel chose four key benchmarks for their testing. SYSmark 2014 SE evaluated CPU performance on an enterprise level simulating office productivity, data and financial analysis, and media creation. PC Mark 10, on the other hand, tested performance in real-world usage employing different workloads like web browsing, video conferencing, application start-up time, spreadsheets, writing, and digital content creation. 3DMark Sky Diver assessed CPU performance in a DirectX 11 gaming scenario. Lastly, WebXPRT 2015 measured system performance using six HTML5- and JavaScript-based workloads which include photo enhancement, organize album, stock option pricing, local notes, sales graphs, and explore DNA sequencing.

The SYSmark 2014 SE overall results showed a moderate decrease in CPU performance between 6% to 8% with the i7-6700K the being the most affected. System responsiveness took the biggest hit with performance dropping up to 21% on the i7-6700K. The Responsiveness scenario tested activities like application launches, application installation, web browsing with many tabs open, file copies, photo manipulation, and multi-tasking - all of which are heavily influenced by the type of storage. So, don't let that i7-6700K with the hard drive result fool you. PCMark 10 registered penalties in the range of 3% to 4% with the i7-7920HQ being least affected. We weren't surprised to see that the mitigations didn't affect gaming performance in 3DMark Sky Diver, since we had already done our own tests in 21 different games. Results from WebXPRT 2015 reveal performance drops between 5% to 10%.

Depends how you read the bench. A HDD is already bottlenecking absolute performance. If you see a drop there, it goes from slow to 'slower'. For connected systems, the weakest link will now get just a bit weaker. The SSD-based system on that same network, will still be faster.

Liviu Cojocaru said:Let's hope this will be a lesson learned by Intel and the others

Meaning what?
The best security experts in the world didn't think about this for a decade, what would have you expected from a handful of designers? As embarrassing, annoying and infuriating this is, you have to realize these things are unavoidable. The same way no software is without bugs, no hardware is immune either.

ShurikN said:What about VM testing. Since that is where the hit is presumably the largest

I don't think there's anything special about VMs. Just that they were involved in the first scenario that demonstrated how to exploit the vulnerabilities. I still wouldn't mind some benches, but if VMWare was used, they explicitly prohibit publishing of benchmarks.

bug said:Meaning what?
The best security experts in the world didn't think about this for a decade, what would have you expected from a handful of designers? As embarrassing, annoying and infuriating this is, you have to realize these things are unavoidable. The same way no software is without bugs, no hardware is immune either.

This is not a small bug or flaw so that is why I hope they learn something from this and try to avoid it in the future (maybe they put more effort into security as the cyber security is a very complex thing nowadays)

Liviu Cojocaru said:This is not a small bug or flaw so that is why I hope they learn something from this and try to avoid it in the future (maybe they put more effort into security as the cyber security is a very complex thing nowadays)

Not a small bug? Do you actually understand how many stars need to align to trigger this? Sure, aligning those stars is what crackers/hackers do, so it doesn't mean it's not dangerous. But this is so complex, it's nigh impossible to detect in a timely manner.

bug said:Not a small bug? Do you actually understand how many stars need to align to trigger this? Sure, aligning those stars is what crackers/hackers do, so it doesn't mean it's not dangerous. But this is so complex, it's nigh impossible to detect in a timely manner.

Do you work for Intel? As long as it has been discovered, the threat is real...I have nothing else to say

bug said:Meaning what?
The best security experts in the world didn't think about this for a decade, what would have you expected from a handful of designers? As embarrassing, annoying and infuriating this is, you have to realize these things are unavoidable. The same way no software is without bugs, no hardware is immune either.

You really sound like you are apologizing for Intel. This wasn't something that escaped their notice, rather something they deliberately chose to ignore and hope no one would find out as they continued to release new products with the flaw.

rtwjunkie said:You really sound like you are apologizing for Intel. This wasn't something that escaped their notice, rather something they deliberately chose to ignore and hope no one would find out as they continued to release new products with the flaw.

I'm just trying to say this is not your regular software glitch. This is a problem that has been in the silicon for a decade and no one, I mean absolutely no one, noticed. It actually wasn't even a problem until someone figured out how to exploit it. Until that point it was thought to be a harmless side-effect.
Sure, Intel "deliberately chose to ignore" it, but only after some third party told them about the problem. Still a lousy thing to do, but presumably Coffee Lake was too far in development (something that only makes sense from the business' point of view, not customer's).

And just to be clear: this is bad, this is not up for debate. The only issue I have is Liviu's "I hope they learn something from this and try to avoid it in the future" statement. This is such a complex setup, it's extremely hard to guard against. It's also probably why Intel decided they need to create an entire new division. But even so, I'm sure even more sophisticated attacks will be devised down the road. It's just how the security game is played.

Yeah. Yesterday night I told myself YOLO and just ordered an 8700k + the rest.

Monday we be buildin! Cant wait.

As far as performance on my current (IvyB) rig; I do notice loading times have increased marginally across the board, that is the only effect in terms of gaming. Browser performance seems equal-ish to what it was. File system workloads do seem a little bit less snappy than they were. Basically most things connected to storage did take a little hit, it seems. Overall no dealbreakers to me.

bug said:I'm just trying to say this is not your regular software glitch. This is a problem that has been in the silicon for a decade and no one, I mean absolutely no one, noticed. It actually wasn't even a problem until someone figured out how to exploit it. Until that point it was thought to be a harmless side-effect.
Sure, Intel "deliberately chose to ignore" it, but only after some third party told them about the problem. Still a lousy thing to do, but presumably Coffee Lake was too far in development (something that only makes sense from the business' point of view, not customer's).

And just to be clear: this is bad, this is not up for debate. The only issue I have is Liviu's "I hope they learn something from this and try to avoid it in the future" statement. This is such a complex setup, it's extremely hard to guard against. It's also probably why Intel decided they need to create an entire new division. But even so, I'm sure even more sophisticated attacks will be devised down the road. It's just how the security game is played.

No one who wanted everyone to find out at least, sorry find it hard out of billions of people no one used these flaws that Intel know about and will not be paying up to all those now known dodgy cpu's that were sold with a critical flaw purposelessly.

The numbers at least as a home user and not data center/cloud environment raise the thought of whether to apply the patch for it or not. In theory the exposure as a home user would just be another vector for viruses or malware which your AV should catch. And if you're pretty good about not clicking bad links, attachments, etc. that decreases the likelihood even more of running into an issue with it.

It's still probably worth the 5-10% performance hit in my case, but it does at least make you ponder it. I'd bet a lot of home users out there opt not to apply it. There are loads of gamers out there still running older OS's and/or not patching, for smaller performance benefits than the hit this patch causes.

AsRock said:No one who wanted everyone to find out at least, sorry find it hard out of billions of people no one used these flaws that Intel know about and will not be paying up to all those now known dodgy cpu's that were sold with a critical flaw purposelessly.

I hope Intel get whats coming to them, but probably not like always.

I'll see your finding hard to believe and I'll raise you my "if Intel knew about this, in 10 years they could have tweaked their implementation already" ;)
Everyone can speculate, but what we know at this point is Google only unearthed this through Project Zero.